Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Somebody us tryng to break into m PC, see the logs. PLS HELP!

  1. #11
    Join Date
    Apr 2008
    Location
    Dulles, VA
    Beans
    392
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Thank you all for the feedback. I guess I should have been more prepared. I thought OpenSSH is secure by default but I guess there're ways to improve it even more. I think I will wipe the PC and reload it. I just use it to surf the net and remote in from work so I don't have to back up anything.Then I will try changing all the options for using keys and denyhosts. I'll report back when I'm back up and running. Thanks again to all

  2. #12
    Join Date
    Jan 2009
    Beans
    6

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    OpenSSH is only as secure as you make it.

    If you are never going to log into that machine remotely then you may wish to turn off sshd completely.

    Code:
    sudo /etc/init.d/ssh stop
    sudo rm /etc/rc2.d/S16ssh
    If you are wanting the ability to log in remotely then you can start to think about some additional security methods, such as:

    • Using keys rather than passwords
    • Changing the default port
    • DenyHosts (as mentioned before)
    • Restricting who can log in via sshd
    • Restricting where they can log in from

  3. #13
    Join Date
    Jan 2006
    Beans
    1,237
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Quote Originally Posted by bmwman View Post
    Thank you all for the feedback. I guess I should have been more prepared. I thought OpenSSH is secure by default but I guess there're ways to improve it even more. I think I will wipe the PC and reload it. I just use it to surf the net and remote in from work so I don't have to back up anything.Then I will try changing all the options for using keys and denyhosts. I'll report back when I'm back up and running. Thanks again to all
    as you see from logs openssh is pretty secure. in the end they couldn't pentrate to your system.

  4. #14
    Join Date
    Dec 2007
    Location
    Idaho
    Beans
    4,976
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Quote Originally Posted by bmwman View Post
    Thank you all for the feedback. I guess I should have been more prepared. I thought OpenSSH is secure by default but I guess there're ways to improve it even more. I think I will wipe the PC and reload it. I just use it to surf the net and remote in from work so I don't have to back up anything.Then I will try changing all the options for using keys and denyhosts. I'll report back when I'm back up and running. Thanks again to all
    Honestly Openssh is very secure by default, as long as your account passwords are good passwords. There's no need to wipe the pc it never got compromised.
    "You can't expect to hold supreme executive power just because some watery tart lobbed a sword at you"

    "Don't let your mind wander -- it's too little to be let out alone."

  5. #15
    Join Date
    Apr 2008
    Location
    Dulles, VA
    Beans
    392
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    I can change my password and create a weird named user for login. I need to read some more on how to restrict only ONE user that I desginate to be able to login and use key instead of password, of coarse the denyhosts as well.

  6. #16
    Join Date
    May 2006
    Location
    Madras, India.
    Beans
    533
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Coincidentally, I did the same thing just yesterday (locked down my ssh server). A few tips are mentioned on the Ubuntu Wiki here: https://help.ubuntu.com/community/AdvancedOpenSSH
    May the FOSS be with you!

  7. #17
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Quote Originally Posted by bmwman View Post
    I can change my password and create a weird named user for login. I need to read some more on how to restrict only ONE user that I desginate to be able to login and use key instead of password, of coarse the denyhosts as well.
    a few modifications to iptables is all you need.

    See :

    http://bodhizazen.net/beginners/Firewall/index.html

    I know it is a long an ugly page, I am working on it as time allows

    Scroll down to the tips section "Block Brute Force attempts (SSH or other connections)"

    And use ssh keys.

    Deny hosts is nice as well, as is fail2ban.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  8. #18
    Join Date
    Apr 2008
    Location
    Dulles, VA
    Beans
    392
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    I just installed DenyHost and I'm configuring it. Here is what changes I did:

    Code:
    # To block all services for the offending host:
    BLOCK_SERVICE = ALL
    Code:
    DENY_THRESHOLD_INVALID: block each host after the number of failed login 
    # attempts has exceeded this value.  This value applies to invalid
    # user login attempts (eg. non-existent user accounts)
    #
    DENY_THRESHOLD_INVALID = 2
    Code:
    # DENY_THRESHOLD_VALID: block each host after the number of failed 
    # login attempts has exceeded this value.  This value applies to valid
    # user login attempts (eg. user accounts that exist in /etc/passwd) except
    # for the "root" user
    #
    DENY_THRESHOLD_VALID = 2
    The rest is the defaults. Is there anything else that I should change in DenyHost?

    P.S. I Also followed this guide:https://help.ubuntu.com/community/AdvancedOpenSSHand did the recommended changes to my config file. I also generated my RSA keys id_rsa and id_rsa.pub. Now I don't understand how can I use those from my other Ubuntu computer at work or with my XP/Putty laptop? The guide is a little confusing at that point.
    Last edited by bmwman; February 2nd, 2009 at 12:03 AM.

  9. #19
    Join Date
    Jan 2009
    Location
    Norway
    Beans
    25
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Somebody us tryng to break into m PC, see the logs. PLS HELP!

    Quote Originally Posted by gtdaqua View Post
    Time to install denyhosts and keep those bots away!
    Or Fail2Ban. I myopinion Fail2Ban is a better service than denyhost. However for the guy who started the post: get a move on it and secure your server!
    Ubuntu secuirty howto, and more @ cjacobsen.net

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •